• by Ray Schultz , March 1, 2022

Nearly all companies were the target of phishing attacks in 2021, and most say these attacks are occurring more frequently, according to State of Email Security 2022, a global study released Tuesday by security firm Mimecast. 

Worse, 75% of companies were hit by ransomware attacks during the past 12 months. Nearly 66% paid the ransom to get their data released, and more than 33% experienced downtimes of a week or more. 

Companies experienced an average of 10 email and website spoofing attempts in the past year -- and 90% have seen data leaks and business email compromise attacks, although phishing is the most common email-borne threat, the study says. 

Unfortunately, 90% of companies surveyed in the study say the security defenses provided by the Microsoft 365 productivity platform are insufficient. 

On a positive note, 96% say their firms have begun -- or are well into the process of developing -- a strategy for cyber defense. And 90% deploy DMARC (Domain-based Message Authentication, Reporting and Conformance). 

On average, firms allocate 14% of their IT budgets to security, but the respondents prefer to designate 17%. 

Mimecast surveyed 1,400 information technology and cybersecurity professionals in 12 countries.